Heads-Up: GoDaddy Broke the Interwebs...
Christopher Morrow
morrowc.lists at gmail.com
Wed Sep 12 03:43:31 UTC 2012
On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <naveen at lastninja.net> wrote:
>> Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
>>
>> I also believe it was related to BGP, and am happy to get more info. But we are discussing Anonymous vs. Self-inflicted wound here.
>
> I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any withdrawn routes for any of their prefixes over Sep 9-11. Infact, their BGP operation looks fairly operational during the time from what I can gather.
a bgp error doesn't HAVE to mean that they withdrew (or even
re-announced!) anything to the outside world, does it?
for instance:
border-router -> internet
redistribute your aggregate networks from statics to Null0 on the
border-router
accept full routes so you can send them to the other borders and
make good decisions at the external edge
border-router -> internal
send default or some version of default via a fitler to internal
datacenter routers/aggregation/distribution devices.
accept from them (maybe) local subnets that are part of your aggregates
now, accidently remove the filter content for the sessions between the
border and internal ... oops, your internal devices bounce with
'corrupted tables' (blown tables)... you still send your aggs steadily
to the interwebs, wee!
-chris
More information about the NANOG
mailing list